Johannes Franken wrote:
* Neil Anderson [2003-12-09 21:46 +0100]:
I SSH to my Linux box ok, start a VNC server ok and can do a "straight" VNC into the linux box. However, if I try to use the VNC viewer to set up a connection to localhost on the Windoze machine (to use port forwarding) nothing happens and if I look in PuTTY's event log it has the error "server refused forwarded connection".
Just some ideas:
1.) The server's /etc/ssh/sshd_config doesn't contain "AllowTcpForwarding=no", does it?
Nope - my sshd config didn't have anything about TCP forwarding in it so I explicitly enabled it with AllowTcpForwarding=yes
2.) Are there any "no-port-forwarding" or "permitopen" options in your ~/.ssh/authorized_keys ?
There is no authorized_keys file (aha?)
3.) Are you forwarding to the right port? "lsof -Pai -c Xvnc" and "netstat -ptan|grep Xvnc" can find out the port of the vncserver, like "*:5901 (LISTEN)" or "0.0.0.0:5901" (mind the ip address before the colon: it must be wildcard or localhost)
Yes I am sure it is the right port that is being forwarded - I am forwarding the client port 5901 to server port 5904 where the vnc server is initialised on display 4
4.) Are you forwarding to the right host? Try 127.0.0.1 instead of "localhost" or any hostname.
I'm fairly sure I have tried this, but I'll try again
5.) Can you locally connect to the vncserver? Check with "nc -v localhost 5901" or "telnet localhost 5901" from the server's shell. It must print a line starting with "RFB".
Yes, this works ok
6.) Is the server's /etc/hosts missing the line "127.0.0.1 localhost"?
No, this line is present
7.) If this all doesn't help, I'd next try to trace the server's loopback interface by running "tcpdump -i lo port 5901" as root.
Yeh, am swiftly reaching the conclusion that I'll have to do a packet sniff on the server to see what's going on. I still don't understand why it works on the LAN but not over the internet! Thanks for your suggestions - much appreciated,
Neil
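
The server-side checks from the list above (items 1, 2, 3 and 6), collected into one script as an added example that is not part of the original thread. The function names are made up for illustration, sshd Match blocks are not evaluated, and the display number follows the thread's display 4 on port 5904.

```shell
#!/bin/sh
# Added example (not from the thread): server-side checks 1, 2, 3 and 6.
# Function names are made up; files are passed in so copies can be inspected.

# Check 1: effective AllowTcpForwarding. sshd uses the first occurrence of a
# keyword, keywords are case-insensitive, and the default is "yes".
# Assumption: Match blocks are not evaluated.
tcp_forwarding_setting() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk '{ gsub(/=/, " ") }
         tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Check 2: forwarding-related key options, one per line (none if no file).
key_forwarding_restrictions() {
    [ -r "$1" ] || return 0
    grep -Eo 'no-port-forwarding|permitopen="[^"]*"' "$1" | sort -u
}

# Check 6: does the hosts file map 127.0.0.1 to the name "localhost"?
hosts_has_localhost() {
    awk '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit !ok }' "$1"
}

# Check 3: a VNC server on display N listens on TCP port 5900+N ...
vnc_port() { echo $((5900 + $1)); }

# ... and must be bound to a wildcard or loopback address.
# Reads "netstat -tan" output on stdin.
listens_locally() {
    awk -v port="$1" '$6 == "LISTEN" {
            n = split($4, part, ":")
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (part[n] == port && addr ~ /^(0\.0\.0\.0|127\.0\.0\.1|::|::1|\*)$/) ok = 1
        }
        END { exit !ok }'
}

# Run against the live system when a display number is given, e.g. "sh check.sh 4".
if [ "$#" -ge 1 ]; then
    echo "AllowTcpForwarding: $(tcp_forwarding_setting /etc/ssh/sshd_config)"
    echo "key options: $(key_forwarding_restrictions "$HOME/.ssh/authorized_keys" | tr '\n' ' ')"
    if hosts_has_localhost /etc/hosts; then echo "hosts: ok"; else echo "hosts: no 127.0.0.1 localhost"; fi
    if netstat -tan | listens_locally "$(vnc_port "$1")"; then echo "listener: ok"; else echo "listener: not on loopback/wildcard"; fi
fi
```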